]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/anyp/TrafficMode.h
1 #ifndef SQUID_ANYP_TRAFFIC_MODE_H
2 #define SQUID_ANYP_TRAFFIC_MODE_H
8 * Set of 'mode' flags defining types of trafic which can be received.
10 * Use to determine the processing steps which need to be applied
11 * to this traffic under any special circumstances which may apply.
16 TrafficMode() : accelSurrogate(false), natIntercept(false), tproxyIntercept(false), tunnelSslBumping(false) {}
17 TrafficMode(const TrafficMode
&rhs
) { operator =(rhs
); }
18 TrafficMode
&operator =(const TrafficMode
&rhs
) { memcpy(this, &rhs
, sizeof(TrafficMode
)); return *this; }
20 /** marks HTTP accelerator (reverse/surrogate proxy) traffic
22 * Indicating the following are required:
23 * - URL translation from relative to absolute form
24 * - restriction to origin peer relay recommended
28 /** marks ports receiving PROXY protocol traffic
30 * Indicating the following are required:
31 * - PROXY protocol magic header
32 * - src/dst IP retrieved from magic PROXY header
33 * - indirect client IP trust verification is mandatory
34 * - TLS is not supported
38 /** marks NAT intercepted traffic
40 * Indicating the following are required:
42 * - URL translation from relative to absolute form
43 * - Same-Origin verification is mandatory
44 * - destination pinning is recommended
45 * - authentication prohibited
49 /** marks TPROXY intercepted traffic
51 * Indicating the following are required:
52 * - src/dst IP inversion must be performed
53 * - client IP should be spoofed if possible
54 * - URL translation from relative to absolute form
55 * - Same-Origin verification is mandatory
56 * - destination pinning is recommended
57 * - authentication prohibited
61 /** marks intercept and decryption of CONNECT (tunnel) SSL traffic
63 * Indicating the following are required:
64 * - decryption of CONNECT request
65 * - URL translation from relative to absolute form
66 * - authentication prohibited on unwrapped requests (only on the CONNECT tunnel)
67 * - encrypted outbound server connections
68 * - peer relay prohibited. TODO: re-encrypt and re-wrap with CONNECT
70 bool tunnelSslBumping
;
72 /** true if the traffic is in any way intercepted
75 bool isIntercepted() { return natIntercept
||tproxyIntercept
;}